Keycloak is an open source Identity and Access Management solution. This is the preferred authentication mode for Optimization Server.
All the clients need to get an authentication token from the defined keycloak instance deployed within the infrastructure to access the Master API:
The pre-configured realm is “decisionbrain” and the client is “optimserver”. The role “optimserver” gives access to master API. The group “web-console” has role “optimserver”.
A default user is provided, part of group “web-console”, with the following credentials: “optimserver” / “optimserver”.
The following example can be used for any Java based application to get a token:
Add this dependency to your project’s POM:
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-client</artifactId>
<version>4.8.2.Final</version>
</dependency>
Add this dependency to your project’s build file:
compile "org.keycloak:keycloak-authz-client:4.8.2.Final"
You can then get an access token with a simple code :
public String getToken() {
final Configuration configuration = new Configuration("keycloakUrl",
"decisionbrain", // keycloak realm
"optimserver", // keycloak client
Collections.singletonMap("secret", ""),
HttpClients.createDefault());
try {
return AuthzClient.create(configuration).obtainAccessToken("optimserver", "optimserver").getToken(); // keycloak user and password
} catch (Exception e) {
throw new IllegalArgumentException("Token can't be obtained", e);
}
}
This token can be used in all HTTP requests to call the Master API. It should be passed in an AUTHORIZATION Http Request Header with the prefix Bearer.
Example :
curl -H 'Authorization: Bearer TOKEN' http://MASTER_URL